From: "Abiron Arroyo"
To: freebsd-security@freebsd.org
Date: Sat, 17 May 2008 17:41:13 -0700 (PDT)
Subject: Vulnerability with compromised geli credentials?

I'm not really a developer, but was considering if there is a key vulnerability in geli given that when you change a key there isn't a disk update.

Consider the scenario where a new file system is created and populated with some files. At a later time the original key is changed because someone has gained access to the key and passphrase. A new key is generated and attached, but none of the files are modified. Furthermore, let's say the thief has access to the system and is able to update the disk to use the previous key and then reattach/mount. Is it then possible for the person that has the stolen credentials to mount the drive and view the files? The man page does not detail how the metadata is written.

With that said, if this is possible, what's the best way to update the system? I suspect that moving the file is not enough, using vi in a script is not very practical, and using cat may cause problems with some special characters.